It's doubtful that there is currently a backdoor or anything that would fail an audit.

The problem is the software updates. Whoever controls those keys has an entire domestic fleet a single firmware update away. Probably won't even be DJI, but some either state or non-state hacker that happens to acquire the update keys.